Two-Factor Authentication (2FA)
Two-Factor Authentication (2FA) is an additional layer of security for the Infinity Portal. When 2FA is required, Infinity Portal users must use an authentication app or SMS code to confirm their identities before they get access to the Infinity Portal.
For information about 2FA for MSSP
Managed Security Service Provider (MSSP) - An managed security service provider (MSSP) provides outsourced monitoring and management of security devices and systems. Common services include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services./Distributor child accounts, see Manage Accounts.
An organization can configure and manage 2FA as part of Single Sign-On (SSO Single Sign-On (SSO) - A session/user authentication process that permits a user to enter one name and password in order to access multiple applications.) with an Identity Provider A system entity that creates, maintains, and manages identity information for principals and also provides authentication services to relying applications within a federation or distributed network. Acronym: IdP or IDP.. For example, an organization requires 2FA as part of user authentication through Microsoft Entra ID (formerly Azure AD). Infinity Portal users who log in through Microsoft Entra ID authenticate themselves with 2FA according to the policy configured by the organization's Microsoft Entra ID administrator.
Creating and Editing 2FA Configurations for Your User Account
This video shows you how to verify your phone number for the Infinity Portal and configure 2FA using an authenticator app.
Watch the Video
Verify your phone number for the Infinity Portal to use for 2FA through SMS
-
In the Infinity Portal, open the Profile Settings page. In the upper-right corner:
-
Click the user name, or
-
Click the arrow next to the user name > Profile Settings.
The Profile Settings window opens.
-
-
Verify your mobile phone number for 2FA:
-
In the Phone field, enter your mobile phone number.
-
Click Send code.
Check Point sends an SMS to your phone with a six-digit code.
-
Enter the code in the Enter Code field.
-
Click Verify.
-
Configure an authentication app for 2FA
-
Download one of these authenticator applications to your mobile phone:
-
Google Authentication
-
Microsoft Authenticator
-
Authy
-
-
In the Infinity Portal, open the Profile Settings page. In the upper-right corner:
-
Click the user name, or
-
Click the arrow next to the user name > Profile Settings.
The Profile Settings window opens.
-
-
Toggle the Two-factor Authentication (2FA) switch to ON.
The Two-Factor Authentication (2FA) configuration wizard window opens.
-
Follow the on-screen instructions to connect the authentication app to the Infinity Portal.
Note - If you did not verify your phone number in the Profile Settings window, you must verify it in the Two-Factor Authentication (2FA) configuration wizard.
-
If you want to require yourself to use 2FA for all Infinity Portal accounts, keep the toggle on. If you want to use 2FA only when required by a Primary Administrator of an account, switch the toggle to OFF.
-
Click Finish to close the wizard.
Require yourself to use 2FA for all Infinity Portal accounts
You can require yourself to use 2FA every time you log in to the Infinity Portal, even when the Global Administrator of the Infinity Portal account does not require 2FA.
Use Case: A security administrator works for a Check Point MSSP to manage child accounts. One of the MSSP's customers does not require its own security administrators to use 2FA. The MSSP's corporate policy requires 2FA for all Infinity Portal logins.
Procedure
-
In the Infinity Portal, open the Profile Settings page. In the upper-right corner:
-
Click the user name, or
-
Click the arrow next to the user name > Profile Settings.
The Profile Settings window opens.
-
-
Toggle the Two-factor Authentication (2FA) switch to ON.
If you do not have an authentication app configured, the Two-Factor Authentication (2FA) configuration wizard window opens. Follow the steps in the wizard to configure an authentication app or to require 2FA through SMS.
Note - If you did not verify your phone number in the Profile Settings window, you must verify it in the Two-Factor Authentication (2FA) configuration wizard.
-
Click Finish.
Managing 2FA for Infinity Portal Users
This video shows you how to manage 2FA for Infinity Portal users.
Watch the Video
An Infinity Portal Primary Administrator, Admin, or User Admin can view and reset a user's 2FA configuration.
View users' 2FA configurations
In the Infinity Portal, click 
> Users.
The 2FA configured column of the table shows one of these 2FA configurations for each user:
|
Icon |
2FA Configuration |
|---|---|
|
|
The user does not have 2FA configured. |
|
|
The user has 2FA configured with an authenticator app. |
|
|
The user has 2FA configured with SMS. |
|
|
The user has 2FA configured with an authenticator app and with SMS. |
The 2FA table row shows you the 2FA authentication method(s) that the user configured for himself in Profile Settings. This table row is not related to the 2FA enforcement policy for the tenant.
Reset a user's phone number
Reset a user's phone number in these scenarios:
-
The user gets a new phone with a new number.
-
The user's phone is lost or stolen.
-
The user has a problem using 2FA with SMS.
Procedure
-
In the Infinity Portal, click
> Users. -
Click the table row with the name of the user.
-
Click Edit.
The Edit User window opens.
-
In the Phone number field, enter a phone number for the user.
-
Click Save.
Reset a 2FA application for a user
Reset an authentication app for a user when the user gets a new phone (with the same phone number) or has a problem with the app.
After the reset, if 2FA is required for account login, Check Point sends an SMS with an authentication code to the user's verified phone number.Then, the user can log in to the Infinity Portal and create a new authenticator app configuration (see Verify your phone number for the Infinity Portal to use for 2FA through SMS).
Procedure
-
In the Infinity Portal, click
> Users.The 2FA configured column of the table shows one of these 2FA configurations for each user:
Icon
2FA Configuration
The user does not have 2FA configured.
By appThe user has 2FA configured with an authenticator app.
By phoneThe user has 2FA configured with SMS.
App and phoneThe user has 2FA configured with an authenticator app and with SMS.
-
Select a user from the table and click Reset 2FA.
-
To see updated user information, click Refresh.
Enforcing 2FA Policy for All Users
A Primary Administrator can set a 2FA policy for all users who log in to the Infinity Portal account.
This video shows you how to enforce 2FA for all users of an Infinity Portal account.
Watch the Video
Enforce 2FA for all users of the Infinity Portal account
2FA enforcement settings in the Identity & Access page apply to all users of this Infinity Portal account. Only a Primary Administrator can change these settings.
-
In the Infinity Portal, click
> Identity & Access. -
In the Two-Factor Authentication (2FA) section, select when to enforce 2FA:
-
Enforce Two-Factor Authentication for every login to this account - Users must use 2FA to log in with username and password and for login with SSO through an Identity Provider (IdP).
-
Enforce Two-Factor Authentication for login with username and password - This option is selected by default.
A confirmation window opens.
-
-
In the confirmation window, click Enforce.